Issues regarding RockNSM 2.4

Dear RockNSM community,

Together with my colleagues we’ve found several issues in the implementation of RockNSM 2.4.

(Now that 2.5 is out, we’re having fewer issues).

However, I think it is still of value to let the community and developers know the issues we encountered.

Here are the issues (copy-pasted from my co-worker):

#line 289, comment out: #    source: "{{ item[0] }}"
#Ansible firewalld module states that 'port' and 'source' cannot be used in conjunction with each other. (Is fixed in master branch but not in 2.4 ISO)

# 2.4 Docket complains about an invalid name in the form of {{servername}}_docket but the github repo has this already fixed in github master branch to {{servername}}-docket

## Cloned the rock github repository for its playbooks.
# Had to manually fix /etc/yum.repos.d/rocknsm.repo
# Specifically, the baseURL had to point to: baseurl =$basearch
# instead of the '2.4' version. (pull request for this fix present since sometime in 2019)

# After emptying all of Elasticsearch ( modifying elasticsearch.yml so I can run curl -XDELETE 'http://localhost:9200/_all')
# I would expect 'sudo rock deploy' to recreate all appropriate indexes and import kibana dashboards again, this is not the case however.

# 'rock destroy' does not run because
# include_vars: rocknsm_config.dist.yml # Does not exist

# 'rock destroy' only deletes /data/stenographer and no others.
# During a custom installation I've made subdirectories under /data their own volumes and, as such, this step fails too because it cannot delete the volume; instead it should empty the contents of these directories

# 'rock destroy' tries to stop services using '/sbin/rock_stop' (which does not exist)
# 'rock stop' does not always stop all services even though it returns an 'ok' at the end but 'rockctl stop' has never failed to actually kill everything

# running playbooks from git master branch on a 2.4 installation will cause a clash between bro and zeek as well as leave both repositories in the yum repo list
# I would expect (prefer) playbooks to check for a specific major version (2.4 and 2.5) and then disable or remove the others

# There is currently no way to start 'fresh' after the system has been installed

# No clear way to upgrade from 2.4 > 2.5

This was it.

Now that we’re on 2.5 (from a fresh/clean install) we’re encountering fewer issues.

Hopefully the development team can learn from this.
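As an added illustration of the firewalld item above (this is example configuration, not the RockNSM playbook or the poster's code): the module rejects `port` together with `source`, and simply commenting out `source`, as the workaround does, opens the port to every source. A `rich_rule` keeps both the source restriction and the port in one rule. The variable names, the loop, the zone and the `permanent`/`immediate` flags are assumptions.

```yaml
# Added example, not the RockNSM playbook. Loop variables, zone and the
# permanent/immediate flags are assumptions.

# Rejected by the firewalld module: 'port' and 'source' are mutually
# exclusive, which is what the original task at line 289 ran into.
- name: Allow sensor traffic (fails, port and source combined)
  firewalld:
    zone: public
    port: "{{ item[1] }}/tcp"
    source: "{{ item[0] }}"
    permanent: true
    immediate: true
    state: enabled
  with_nested:
    - "{{ allowed_sources }}"   # assumed list of source CIDRs
    - "{{ allowed_ports }}"     # assumed list of TCP ports

# Same intent expressed as a rich rule: the source restriction survives,
# so the port is not exposed to every host the way dropping 'source' would.
- name: Allow sensor traffic from listed sources only
  firewalld:
    zone: public
    rich_rule: 'rule family="ipv4" source address="{{ item[0] }}" port port="{{ item[1] }}" protocol="tcp" accept'
    permanent: true
    immediate: true
    state: enabled
  with_nested:
    - "{{ allowed_sources }}"
    - "{{ allowed_ports }}"
```

After applying, `firewall-cmd --zone=public --list-rich-rules` shows one rule per source/port pair, and `--list-ports` stays empty for those ports.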

Thank you for the feedback. Please let us know if you come across issues in 2.5.
